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Previous Work/Current Techniques

ICTR-related techniques

. Identification of events by content

_ Tor node dictionary generation — available from web site

. HOMING TROLL — Bridge discovery prototype that feeds dictionary

_ Statistical deanonymisation research (MCR)

. NEWTONS CRADLE (JTRIG)

_ TRIBAL CARNEM (with CT)

. EPIC FAIL (CT)

. Bulk traffic logging

_ QUICK ANT - Low latency deanonymisation. Prototype under evaluation.
. Introducing timing patterns — report available

_ Hidden service investigation — report available

. Shaping research — some initial experiments.

. Some extraction of hidden service domain names from passive events.
_ Tor implementation analysis (contract task)

Also some work (through contract) on Freenet.
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lCTR-NE Goals for 2012/13

Our plans at present are:

- Tor deanonymisation — collaboration with MCR and JTRIG
- Tor shaping — with JTRIG
- Contract: next stage of Tor Implementation Analysis

lCTR-CISA: record hidden service hostnames (*.onion) in NATURAL SELECTION.
 so REMATION ll fits in well.

Any questions?
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Reference: Ideas (2011)

- Maintain knowledge of Tor network — Pullthrough from NE?

- Log Tor events into HAKIM for target discovery — TR—FSP

- Build tool to implement low latency attack? — ICTR

- Collecting traffic at exit nodes to feed passive SIGINT — JTRIG

- Testing of MCR passive deanonymisation technique. — MCR/JTRIG/ICTR

- Active injection and detection of timing patterns (probably following test of MCR technique) —
ICTR/JTRIG/MCR

- Herding of targets through our exit nodes (THEMP) — ICTR/JTRIG

- Bulk logging of hidden service onion addresses (possibly only those hosting web sites) — experiment carried
out by ICTR

- Characterisation of hidden web servers by passive analysis — ICTR?

- Characterisation of hidden web servers by web crawling — ICTR?

- Identification of IP addresses hosting hidden services — ICTR?

- Ongoing use/maintenance of TRIBAL CARNEM — CT

- Find TDIs that appear on Tor and non—tor IP addresses (EPIC FAIL) — CT
- Understanding Tor circuit creation and destruction — ICTR contract

- Understanding future developments in Tor — ICTR contract?

- Spotting private Tor networks — ICTR?

- TorChat investigation? — ICTR?
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Reference: Data Sources

° Tor node consensus (obtained by Tor client) —
UNCLASSIFIED

- Information on Tor Bridges — CONFIDENTIAL
° Collection from exit nodes — SECRET
- Passive intercept (SECRET/TOP SECRET)

— SSL events in c|oud(s)
— Tor packet logging (ICTR system)
— Content exiting Tor network
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